WordPress Plugin Vulnerabilities

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

Description

The plugin does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.

Proof of Concept

Affects Plugins

Plugin icon
image-optimizer-wd
Fixed in 1.0.27

References

CVE
CVE-2023-2117

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Chien Vuong
Submitter
Chien Vuong
Verified
Yes
WPVDB ID
44024299-ba40-4da7-81e1-bd44d10846f3

Timeline

Publicly Published
2023-05-02 (about 2 years ago)
Added
2023-05-02 (about 2 years ago)
Last Updated
2023-05-02 (about 2 years ago)

Other

Published
Title
Published
2016-03-29
Title
Ebook Download < 1.2 - Directory Traversal
Published
2024-06-06
Title
Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Path Traversal via esc_dir Function
Published
2019-10-11
Title
ArForms < 4.0 - Unauthenticated Arbitrary File Deletion via Traversal
Published
2019-02-14
Title
WP Cost Estimation < 9.660 - Upload Directory Traversal
Published
2022-09-14
Title
Enable Media Replace < 4.0.0 - Admin+ Path Traversal